Senior Pen Tester / Check Team Lead
DXC is the world’s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology is a $25 billion company with a 60-year legacy of delivering results for thousands of clients in more than 70 countries. Our technology independence, global talent and extensive partner network combine to deliver powerful next-generation IT services and solutions.
In a time of change, thrive with DXC Technology.
Learning does not only happen through training. Relationships are among the most powerful ways for people to learn and grow, and this is part of our DXC culture. In addition to working alongside talented colleagues, you will have many opportunities to learn through coaching and stretch assignment opportunities. You’ll be guided by feedback and support to accelerate your learning and maximize your knowledge. We also have a “reverse mentoring” program which allows us to share our knowledge and strengths across our multi-generation workforce.
Enterprise Security supports our customers by providing IT Security-focused consultancy. Our customers utilize our extensive knowledge and experience of penetration, testing, governance risk and compliance, network security, and remote access. We are there for our customers – come join us!
This vacancy is for a qualified penetration tester to join Enterprise Security Services’ successful Threat and Vulnerability Management team. The team provides Penetration Testing services to a wide range of customers and due to growth in our business we are looking to expand our team.
We are looking for a current CHECK Team Leader, obtained via the CREST App/Infrastructure CCT exam, Tiger Senior Tester.
The successful candidate will demonstrate a keen interest in this area of information security and satisfy our technical team that they have the right technical areas of expertise/interest.
Although the vacancy is for CHECK Team Lead or CCT qualified individual able to hold UK Security Clearance, a high end CHECK Team Member or CRT qualified individual able to hold UK Security Clearance can be considered, provided they are looking to move onto the next level and can demonstrate the required skill sets. ,
The successful candidate will already have or be prepared to apply for and achieve a UK security clearance.
The role entails working away at customer or customer hosting sites most weeks as well as some remote testing and reporting and involves some occasional out of hours working. Weekend working may be involved on the rare occasion but in all cases, individual circumstances will be considered as part of our resource scheduling process.
Further details on schemes of which DXC ESS is a member can be found on NCSC’s web-site for CHECK and the UK CREST website.
Qualifications: and Skills required
The candidate must have expert knowledge and significant experience of penetration testing. The candidate will ideally hold one or more of the following - CREST Certified Tester – Infrastructure or Application, TIGER Senior Tester and ideally CHECK Team Leader status.
Key performance indicators:
- Penetration testing skills including the use of relevant tools and technologies.
- Ability to work individually and as part of a team to deliver penetration testing services to a wide range of clients.
- Support production of penetration testing scoping documents.
- Undertake tests remotely and on site, and produce high quality pre-test documentation and post-test reports in line with service procedures and quality management system.
- Knowledge of legal aspects concerned with penetration testing.
- Excellent communication and people skills.
- Ability to work under pressure and to tight timescales
- A detailed understanding of, and experience in, IT security;
- Candidates should be self-directed, innovative, proactive, pragmatic and highly motivated
- An appreciation of penetration testing. Some hands-on experience would be desirable but not essential
- Knowledge of network and internet security. This should include a low-level knowledge of network traffic and protocols;
- Detailed Windows/Unix operating system knowledge
- Technical understanding of security products such as firewalls, IDS, and security aspects of products such as operating systems
- Appreciation of trends in IT security